Tips About Fighting Fileless Malware Effectively

Posted on Thursday, May 31, 2018

Part of what makes working in IT so challenging and exciting is the pace of the industry. There are always new ways of unlocking potential and creating new environments. This drive and ability to innovate is available to anyone, of course, and so it becomes a double-edged sword. As technology became a part of every business, hackers worked to break into those systems. Protective technology was developed, and a cat and mouse game began. It is still playing out today, and the arena is shifting to fresh territory as hackers work harder to infiltrate secure systems. As anti-virus software has become very adept at protection, hackers looked for alternative ways to get in. Fileless malware was doubtless designed as a reaction to the efficiency of traditional file-based cyber security protocol. This article will show you how you can protect your business against this insidious threat.


What is fileless malware?


Garden variety malware uses executable files to infect individual computers and their networks. These can be delivered to your systems through deliberate hacking efforts, or by phishing attempts. Anti-virus software is a first defence against these types of attacks, along with rigorous cyber security training for employees. Fileless malware is far more insidious, because it bypasses these protective systems entirely. Instead of relying on files, hackers can manipulate other system tools such as macros in Microsoft Word (and other software), PowerShell and other programs with scripting technology. They take a stealth-based approach and can often fly under the radar for quite some time. Because they rely on co-opting a computer’s RAM to act, users may notice a significant slow-down in processing speeds. That said, hackers are becoming savvier and are writing code that is far more efficient, and therefore unnoticeable. These in-program systems often have versatile capabilities that can be hijacked and forced to act toward negative outcomes. They can be manipulated to:


  • Mine cryptocurrencies,
  • Monitor user behaviour,
  • Escalate privileges, creating gateways for more traditional hacking methods,
  • Collect data, and
  • Infiltrate secure or sensitive data, along with other nefarious purposes and outcomes.


These actions can be conducted, and the data can be transferred outside the network, without any further system manipulation. These attacks often remain undetected because no files are changed during the breach, so file-scanning software does not pick them up. Fileless malware can often create an opportunity for hackers to put persistence-based strategies in place. Fileless malware incursions rely on stealth but may open just enough doors to plant a longer term vulnerability that can be exploited at a later date.


An example


An employee may have outdated Flash or JavaScript running in their browser. If they visit a site infected with an exploit kit, it will run and find the outdated script. Then, the exploit kit can run its course using the memory of the browser. The malware can then gain access to your network and run amok with data theft or set up a lockout ransomware attack. It will only be picked up by anti-virus software after the exploitation has occurred – too late.


How to reduce the risk of a fileless malware attack


It is certainly more challenging to protect against fileless malware than regular file-based attacks. There are some things you can do to guard against these types of incursion.


Use what you have. Review your current anti-virus and malware detection software, along with email systems. You may find settings that automatically disable macros in received files, for example. Check to see if your software can enable a behaviour-based detection protocol, too.

Harden endpoint security. This advice will come as no surprise, but it’s so valuable that it’s worth repeating. Ensure that all company laptops, tablets, smartphones and other IoT-connected devices are as impenetrable as possible. Ensure that all software is updated, and patches are deployed immediately.

Block exploit kits. These services are hosted on websites and take hackers a lot of time to create. This means they rarely move or change, so once they are known they can be avoided. They are even sold ‘as-a-service’, which means they are ending up in the hands of relatively unsophisticated hackers. Use your anti-virus capabilities to screen websites and block loading so they cannot be activated on company software.

Maintain staff awareness. We often mention that staff training can make the difference between a secure and insecure digital environment. Maintaining an active and alert workforce will help to reduce phishing style attacks, and it may also help to reduce the risk of fileless malware. Educate staff on what it is and how it may make itself known. As always, reassure staff that it’s better to speak up if something is amiss, and no alarm or oddity is too small to report.

Increase visibility. Depending on the software you use, you may be able to increase the visibility of these vulnerabilities through logging. Your IT and cyber security teams will have more data to access and review, which may highlight transgressions on the network.




If you have experienced a hacking attempt before, you may have been through the process of preserving evidence for later action in the judicial system. Preserving data for an investigation of a fileless malware attack is much more difficult than a regular one. Files are not impacted so they cannot be preserved, so to speak. Instead, use script block logging as a multi-tool. The script block loggers will give more information to your teams mid-attack and will also go some way towards recording every executable command run on the system. Any evidence that can be collected will contribute to an investigation’s strength.
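One way to put the script block logging advice above into practice on a Windows endpoint, as an added example that is not part of the original article. It enables the setting, preserves the PowerShell operational log, and reassembles the logged script blocks; the evidence folder C:\IR\evidence is a hypothetical path.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Assumption: C:\IR\evidence is a hypothetical evidence folder.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$log = 'Microsoft-Windows-PowerShell/Operational'
$out = 'C:\IR\evidence'

# 1. Turn script block logging on (the registry value behind the
#    "Turn on PowerShell Script Block Logging" Group Policy setting).
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Preserve the raw log first, then read script block events (ID 4104).
New-Item -ItemType Directory -Path $out -Force | Out-Null
wevtutil epl $log (Join-Path $out 'powershell-operational.evtx') /ow:true
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 4104 } -ErrorAction SilentlyContinue

# 3. Long scripts are split over several events. Group the parts by
#    ScriptBlockId and join them in MessageNumber order.
$blocks = $events | ForEach-Object {
    $d = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time = $_.TimeCreated.ToUniversalTime().ToString('o')
        Id   = $d['ScriptBlockId']
        Part = [int]$d['MessageNumber']
        Text = $d['ScriptBlockText']
    }
} | Group-Object Id | ForEach-Object {
    $parts = @($_.Group | Sort-Object Part)
    [pscustomobject]@{
        ScriptBlockId = $_.Name
        FirstPartUtc  = $parts[0].Time
        Parts         = $parts.Count
        Script        = ($parts | ForEach-Object { $_.Text }) -join ''
    }
}

# 4. Write a readable copy and hash both files so later changes are detectable.
$json = Join-Path $out 'scriptblocks.json'
ConvertTo-Json -InputObject @($blocks) -Depth 3 | Set-Content -Path $json -Encoding UTF8
Get-ChildItem -Path $out -File | Get-FileHash -Algorithm SHA256 | Format-List Path, Hash
```

Only script blocks that run after logging is switched on are recorded, so enable the setting before an incident rather than during one, and store the printed hashes separately from the evidence folder.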


About Mustard IT, your cyber security partner

Mustard IT provide the design, build, and installation of secure IT servers and networks, and can help you create a fileless malware defence strategy. Our trusted team are experienced and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.